Documentation

EPM-L settings

Suggest Edits

What are EPM-L settings?

EPM-L settings are various keywords specific to EPM Cloud for Linux.

📘

Note

Not all settings are editable. See the EPM Cloud for Linux settings list for a complete list of settings and identify if you can edit them in EPM Cloud for Linux.

Setting views

There are two views available to you on the EPM-L Settings page.

  • Summary view: In this default view, filter your search results settings using the search field and the All Settings or Errored Settings list options to view setting details.
  • Editor view: View and edit some of the EPM Cloud for Linux settings. Filter your search results settings using the search field and the All Settings or Errored Settings list options to edit some of the results.

Search for and view a setting

  1. Click an icon with three horizontal lines > Endpoint Privilege Management for Linux > EPML Settings.
    The Endpoint Privilege Management for Linux Settings page displays with the Summary View tab open by default.
  2. Enter text in the Settings Filter box to filter your search.
  3. Click All Settings to search all settings, or click Errored Settings to view only errored settings.
    Your search results display.
  4. Locate the setting in the results and review the details.

Edit a setting

  1. Click an icon with three horizontal lines > Endpoint Privilege Management for Linux > EPML Settings.
    The Endpoint Privilege Management for Linux Settings page displays.
  2. Click the Editor View tab.
  3. Enter text in the Settings Filter box to filter your search.
  4. Click All Settings to search all settings, or click Errored Settings to view only errored settings.
  5. After you find the setting you want to edit, expand the setting to view its parameters.
  6. If the setting is editable, update it.
  7. Click Save.
    The setting saves and is applied wherever used in EPM Cloud for Linux.

Edit the proxy server settings

EPM Cloud for Linux uses proxy server settings in the installer packages you deploy once you've created your role-based policies.

  1. Click an icon with three horizontal lines > Endpoint Privilege Management for Linux > EPML Settings.
    The Endpoint Privilege Management for Linux Settings page displays.
  2. Click the Editor View tab.
  3. Enter proxy in the Settings Filter box.
    Three settings display:
  • proxy_server (editable): The IP address or URL for the proxy server. The default value is none (no proxy support).
  • proxy_type (non-editable): The only supported value is HTTP.
  • proxy_port (editable): The port number of the proxy. Default value is 8080.
  1. Expand each proxy setting you want to update for your installer packages.
  2. Edit the setting(s).
  3. Click Save.
    The proxy settings are now ready for your installer packages.

EPM Cloud for Linux settings list

These settings (keywords) were developed specifically for use with EPM Cloud for Linux.

computelogdiskusageinterval

Available in version 24.1 and later.

The computelogdiskusageinterval keyword specifies the interval, in minutes, between collections of the total size of all IO log files on the disk. Note that the total size of all IO logs won’t be collected at all if iologdiskspacelimitkb is less than or equal to 0.

Example

computelogdiskusageinterval 5

Default

5

Used on

Log servers

Changeable on

Log servers

enablehealthmonitoring

Available in version 24.1 and later.

The enablehealthmonitoring keyword specifies whether EPM Cloud for Linux should collect and report health monitoring data.

Example

enablehealthmonitoring yes

Default

Yes on SaaS servers, no everywhere else.

Used on

SaaS servers

Changeable on

SaaS servers

eventlogfilesizelimitkb

Available in version 24.1 and later.

The eventlogfilesizelimitkb keyword specifies the maximum size (in kilobytes) of the event log stored on a log server. If a client submits a request that causes this limit (when positive) to be exceeded, then the client will fail with an error.

Example

eventlogfilesizelimitkb 524288

Default

-1 (not enforcing)

Used on

Log servers

Changeable on

Log servers

iologdiskspacelimitkb

Available in version 24.1 and later.

The iologdiskspacelimitkb keyword specifies the maximum occupancy (in kilobytes) of all IO logs stored on a log server. If a client submits an IO log that causes this limit to be exceeded (when it it's positive), then the client will fail with an error.

Example

iologdiskspacelimitkb 1048576

Default

-1 (not enforcing)

Used on

Log servers

Changeable on

Log servers

iologfilesizelimitkb

Available in version 24.1 and later.

The iologfilesizelimitkb keyword specifies the maximum size (in kilobytes) of an individual IO log that can be stored on a log server. If a client (e.g., pbrun) tries to submit an IO log that exceeds this value (when it is positive), then the client will fail with an error.

Example

iologfilesizelimitkb 2048

Default

-1 (not enforcing)

Used on

Log servers

Changeable on

Log servers

listenbacklog

Available in version 24.1 and later.

The listenbacklog keyword specifies the backlog limit for the listening socket’s queue of pending connections.

Valid values for the setting range from 0 - 65535. A value of “0” will implicitly use a default value of 1024.

Note that the actual backlog value used may be limited by the system.

Example

listenbacklog 0

Default

0 Implicitly set the value to 1024.

Used on

Servers (SaaS and non-SaaS)

Changeable on

Servers (SaaS and non-SaaS)

pblogdeventresponsedurationmsbuckets

Available in version 24.1 and later.

The pblogdeventresponsedurationmsbuckets keyword specifies histogram buckets (in milliseconds) for collecting pblogd response times for logging event data. These can be used to determine SLOs for pblogd event responsiveness.

Example

pblogdeventresponsedurationmsbuckets 100 200 300 400 500 600 700 800 900 1000 2000 4000 8000

Default

100 200 300 400 500 600 700 800 900 1000 2000 4000 8000

Used on

SaaS servers

Changeable on

SaaS servers

pblogdiologrundurationmsbuckets

Available in version 24.1 and later.

The pblogdiologrundurationmsbuckets keyword specifies histogram buckets (in milliseconds) for collecting the times required for pblogd to complete an IO log cycle from open to close. It may be used to determine an SLO for IO log processing but will depend on the typical size of customer IO logs.

Example

pblogdiologrundurationmsbuckets 100 200 300 400 500 600 700 800 900 1000 2000 4000 8000

Default

100 200 300 400 500 600 700 800 900 1000 2000 4000 8000

Used on

SaaS servers

Changeable on

SaaS servers

pblogdiologwritedurationmsbuckets

Available in version 24.1 and later.

The pblogdiologwritedurationmsbuckets keyword specifies histogram buckets (in milliseconds) for collecting the times required for pblogd to complete a single IO log write operation. It can be used to devise SLOs for IO log write performance.

Example

pblogdiologwritedurationmsbuckets 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0 2.0 4.0 8.0

Default

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0 2.0 4.0 8.0

Used on

SaaS servers

Changeable on

SaaS servers

pbmasterdresponsedurationmsbuckets

Available in version 24.1 and later.

The pbmasterdresponsedurationmsbuckets keyword specifies histogram buckets (in milliseconds) for collecting pbmasterd response times. These can be used to determine Service Level Objectives (SLOs) for pbmasterd responsiveness.

Example

pbmasterdresponsdurationmsbuckets 100 200 300 400 500 600 700 800 900 1000 2000 4000 8000

Default

100 200 300 400 500 600 700 800 900 1000 2000 4000 8000

Used on

SaaS servers

Changeable on

SaaS servers

pbsaasdb

Available in version 24.1 and later.

The pbsaasdb keyword specifies the location of the EPM Cloud for Linux database.

Example

pbsaasdb /opt/pbul/dbs/pbsaas.db

Default

/opt/pbul/dbs/pbsaas.db on SaaS servers.

Used on

SaaS servers

Changeable on

SaaS servers

policyacktimeout

Available in version 24.1 and later.

The policyacktimeout keyword specifies time in seconds allowed for each ACKnowledgement message.

Valid value between 1 - 600.

Example

policyacktimeout 10

Default

10

Used on

Clients (SaaS and non-SaaS)

saasawsclitimeout

Available in version 24.1 and later.

The saasawsclitimeout keyword specifies how long EPM Cloud for Linux can spend in an AWS command-line interface (CLI) call before timing out.

Example

saasawsclitimeout 30

Default

30

Used on

SaaS servers

Changeable on

SaaS servers

Changeable on

Clients (SaaS and non-SaaS)

saasclientpkgdest

Available in version 24.1 and later.

The saasclientpkgdest keyword specifies the AWS S3 bucket into which the server copies client packages that it has built. This is the location from which clients download them using the EPM Cloud for Linux user interface.

Example

saasclientpkgdest s3://epml-client-packages

Default

s3://epml-client-packages

Used on

SaaS servers

Changeable on

Not changeable

saas_enabled

Available in version 24.1 and later.

The saas_enabled keyword controls whether the installation is SaaS-specific. A proprietary extension is used to distinguish between SaaS clients and servers.

Example

saas_enabled yes

Default

Yes on SaaS clients and servers; no on non-SaaS (on-premises) installations.

Used on

SaaS servers, SaaS clients

Changeable on

Not changeable

saasserverentrypoint

Available in version 24.1 and later.

The saasserverentrypoint keyword defines the public name of the SaaS server’s entry point to which clients will connect.

Example

saasserverentrypoint gateway.epm.beyondtrust.io

> ```

Default

No default value

Used on

SaaS servers, SaaS clients

Changeable on

Not changeable

saasserveridletimeout

Available in version 24.1 and later.

The saasserveridletimeout keyword is the idle timeout limit in seconds for SaaS connections.

⚠️

Important

Do not change the value unless directed by BeyondTrust Technical Support.

Example

saasserveridletimeout 898

Default

898

Used on

SaaS clients

Changeable on

SaaS clients

saasserverrbprefreshsecs

Available in version 24.1 and later.

The saasserverrbprefreshsecs keyword specifies the interval between RBP database refreshes on SaaS servers.

Example

saasserverrbprefreshsecs 3600

Default

3600

Used on

SaaS servers

Changeable on

SaaS servers

saasserversettingsrefreshsecs

Available in version 24.1 and later.

The saasserversettingsrefreshsecs keyword specifies the interval to refresh cached settings on SaaS servers.

Example

saasserversettingsrefreshsecs 21600

Default

21600

Used on

SaaS servers

Changeable on

SaaS servers

saassharedlocation

Available in version 24.1 and later.

The saassharedlocation keyword specifies the location of the Elastic File System (EFS) share on which persistent files will be stored. These files will survive reboots associated with maintenance and autoscaling.

Example

saassharedlocation /efs

Default

/efs

Used on

SaaS servers

Changeable on

SaaS servers

tenant_id

Available in version 24.1 and later.

The tenant_id keyword defines the name of a tenant that consists of one or more AWS SaaS servers.

Example

tenant_id tenant-tf

Default

No default value

Used on

SaaS servers, SaaS clients

Changeable on

Not changeable

Updated 15 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.